NULL Pointer Dereference in QNX SDP Image Codec by BlackBerry
CVE-2024-48857

7.5HIGH

Key Information:

Vendor: BlackBerry
Status: Qnx Software Development Platform
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-48857?

A vulnerability has been identified in the image codec of QNX SDP where a NULL pointer dereference can be exploited by an unauthenticated attacker. This flaw potentially leads to a denial-of-service condition, affecting the process that utilizes the image codec. All users of QNX SDP versions 8.0, 7.1, and 7.0 are urged to assess their systems for this issue, as it may disrupt service availability.

References

https://support.blackberry.com/pkb/s/article/140334

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025